Search results for ''...

Sorry, there were no results

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry.
If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

I agree to be 'opted in' to receive the Thomson Snell & Passmore communications I have selected above. I understand that this means they will send me relevant content based on the options I have selected. \n\n If you do not wish to receive promotional material from Thomson Snell & Passmore please contact us using the following link: info@ts-p.co.uk

If you're human leave this blank:

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry.
If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

I agree to be 'opted in' to receive the Thomson Snell & Passmore communications I have selected above. I understand that this means they will send me relevant content based on the options I have selected. \n\n If you do not wish to receive promotional material from Thomson Snell & Passmore please contact us using the following link: info@ts-p.co.uk

With the deadline for compliance with the General Data Protection Regulation fast approaching on 25 May 2018, data protection is on many employers’ minds, but perhaps none more so than Morrisons.

With the deadline for compliance with the General Data Protection Regulation fast approaching on 25 May 2018, data protection is on many employers’ minds, but perhaps none more so than Morrisons.

The supermarket has just been on the receiving end of a claim by 5,518 of its employees for unauthorised disclosure of their sensitive personal data by one of its employees.

The employee in question, a senior IT auditor by the name of Mr Skelton, aggrieved at the outcome of a disciplinary hearing, uploaded personal details of nearly 100,000 employees to a public file sharing site shortly before the supermarket’s annual reports were announced. He was subsequently convicted and sentenced to eight years in prison.

A group of the employees brought a class-action data protection claim against Morrisons, alleging that Morrisons had breached the Data Protection Act and that it was liable for Mr Skelton’s disclosure. The judge found that Morrisons’ breach of the Data Protection Act did not lead to the disclosure, but that it was nonetheless liable for Mr Skelton’s actions.

The judgment puts employers in a difficult positon: in this case, Morrisons had done (almost) everything they should have done to prevent a data breach. In this instance, a senior employee who had access to personal information for legitimate reasons had simply ‘gone rogue’. Nevertheless, Morrisons was liable.

No decision has been made yet as to how much compensation each employee should get, but with almost 100,000 potential claims, even a relatively small sum each will mean a big cost to the company overall. The PR damage to company is also significant.

The key advice for employers is that while they may not be able to completely avoid data protection breaches, it is absolutely possible to limit their frequency and size. Steps such as data protection policies, effective systems and good cybersecurity go a long way to mitigating the risk. Fostering the right attitude towards the importance of data security within the organisation is also important.

Many insurers now offer specialist data protection and cybersecurity insurance which can protect businesses if things do go wrong. In this instance, one might question the wisdom of allowing an employee with a recent finding of misconduct to have unsupervised access to (and the opportunity to copy) the personal data of almost 100,000 employees’. Most businesses do not allow individual employees (even senior ones) to transfer funds above a certain level without a second person being involved. Bulk data is inherently valuable and should have similar oversight.

We act for businesses of all shapes and sizes and in many different sectors. Our advice covers all aspects of the employment relationship, helping to settle disputes, defending employment tribunal claims and providing immigration compliance audits.

We work across a wide range of sectors and for all sizes of business, in particular, owner managed businesses. Our experience means we can help you to identify all the Intellectual Property that might exist in your business. We regularly advise on the protection, exploitation and enforcement many types of Intellectual Property.

Get In Touch

By submitting an enquiry through 'get in touch' your data will only be used to contact you regarding your enquiry.
If you would like to receive newsletters from Thomson Snell & Passmore please use the separate form below.

I agree to be 'opted in' to receive the Thomson Snell & Passmore communications I have selected above. I understand that this means they will send me relevant content based on the options I have selected. \n\n If you do not wish to receive promotional material from Thomson Snell & Passmore please contact us using the following link: info@ts-p.co.uk

I agree to be 'opted in' to receive the Thomson Snell & Passmore communications I have selected above. I understand that this means they will send me relevant content based on the options I have selected. \n\n If you do not wish to receive promotional material from Thomson Snell & Passmore please contact us using the following link: info@ts-p.co.uk